Security audits of PHP applications are usually performed on a source code basis. However, sometimes vendors protect their source code by encrypting their applications with runtime (bytecode) encryptors. When these tools are used source code analysis is no longer possible and because these tools change how PHP works internally, several grey box security scanning/fuzzing techniques relying on hooks fail, too.